...
Also, see the method weblogic.servlet.security.Utils.encodeXSS() for more information on preventing XSS attacks. Note that the exact escape sequence can differ depending on where the output is embedded. For example, untrusted output may occur in an HTML value attribute, CSS, URL or script and the output encoding routine will differ in each case. Consult the OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet for more information on preventing XSS attacks.
Applicability
Failure to encode or escape output before it is displayed or passed across a trust boundary can result in the execution of arbitrary code.
...